On 28/08/2025 17:14, Takashi Kajinami wrote:
Assuming you agree that you have a load balancer in front of neutron/nova api which terminates SSL, another thing you may have to check is that your load balancer is configured to pass down the Forwarded header in RFC7239 format or it adds the combination of the X-Forwarded-Proto header when a request is proxied/forwarded to api services so that the backend api services can detect the protocol in loadbalancer frontend.
i think this would also be needed if your using apache with mod_ssl to handel the tls termintation instead of doign that in python. even with mod_wsgi instead of an external wsgi applctions server like uwsgi. it is possibel we have a bug here but this is good to check.
Also in case you customize api-paste.ini of these services then make sure that the http_proxy_to_wsgi middleware is in api pipelines (though I guess many users do not actually customize pipeline these days).
On 8/29/25 12:49 AM, Chang Xue wrote:
Yes I have it in my neutron.conf but it's not working.
From openstack port list --debug, I could see `href":"http://openstack.bve.example.com:9696/v2.0/ports?fields=id&fields=name&fields=mac_address&fields=fixed_ips&fields=status&marker=...` in RESP BODY. Makes me think neutron is giving http in pagination href while the first call from the port list command is sending https.